Closed
Labels: enhancement
Proposal:
When given an expected certificate that the server will present, the influxdb client should validate against the given certificate.
Current behavior:
Currently VerifySsl only accepts a true or false parameter.
Desired behavior:
This is how I accomplish the desired behavior on the 3.x client using ServicePointManager, by assuming that, if the input isn't true or false, the parameter points to the file location of the certificate.
```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static void InstallCertificateVerification(string type)
{
    switch (type.ToLowerInvariant())
    {
        // Do not change default .net behavior when given True
        case "true":
            break;
        // Do not verify certificate
        case "false":
            ServicePointManager.ServerCertificateValidationCallback =
                (sender, certificate, chain, errors) => true;
            break;
        // Else assume that it points to a file path of a self signed
        // certificate that we will check against
        default:
            var cert = new X509Certificate2(type);
            // Accept when normal validation passes, or when the presented
            // certificate's thumbprint equals that of the certificate on disk
            ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) =>
                errors == SslPolicyErrors.None ||
                string.Equals(cert.Thumbprint, certificate.GetCertHashString(), StringComparison.InvariantCultureIgnoreCase);
            break;
    }
}
```
Alternatives considered:
Until this feature is added, the alternative is to pin to 3.x and use the method shown above.
Use case:
Disabling all SSL verification is a heavy-handed approach when one has a known certificate that is self-signed.
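
The following is an added example, not code from the issue or from the InfluxDB client: it applies the same "chain is valid, or the certificate is exactly the expected one" rule on a single `HttpClientHandler` rather than the process-wide `ServicePointManager`, and compares SHA-256 hashes instead of SHA-1 thumbprints. The class and method names are hypothetical, the certificates are constructed in memory for the demonstration, and how a handler would be passed to the client is not shown because the page does not describe such an option.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateExample // hypothetical name
{
    // Accept when normal validation passed, or when the presented certificate
    // is exactly the pinned one (compared by SHA-256 of its DER encoding).
    public static bool IsAccepted(X509Certificate2 presented, SslPolicyErrors errors, byte[] pinnedSha256)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (presented == null) return false; // server sent no certificate
        return presented.GetCertHash(HashAlgorithmName.SHA256).SequenceEqual(pinnedSha256);
    }

    // The callback lives on this handler only; other HTTPS clients in the
    // process keep default validation, unlike a ServicePointManager callback.
    public static HttpClientHandler CreateHandler(X509Certificate2 pinned)
    {
        byte[] pinnedSha256 = pinned.GetCertHash(HashAlgorithmName.SHA256);
        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => IsAccepted(cert, errors, pinnedSha256)
        };
    }

    // Constructed test input: a throwaway self-signed certificate.
    static X509Certificate2 SelfSigned(string cn)
    {
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        }
    }

    public static void Main()
    {
        var pinned = SelfSigned("influx.example.test");
        var other = SelfSigned("influx.example.test"); // same name, different key
        byte[] pin = pinned.GetCertHash(HashAlgorithmName.SHA256);
        Console.WriteLine(IsAccepted(pinned, SslPolicyErrors.RemoteCertificateChainErrors, pin)); // the pinned certificate
        Console.WriteLine(IsAccepted(other, SslPolicyErrors.RemoteCertificateChainErrors, pin));  // a look-alike certificate
        using (var handler = CreateHandler(pinned)) { /* hand to new HttpClient(handler) */ }
    }
}
```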